Share This:

Cybersecurity Threat AdvisoryThe holiday season is here, and organizations are facing an increased risk of cyberthreats with a notable focus on the activities of access brokers. These threat actors specialize in gaining and selling unauthorized access to organization accounts by orchestrating social engineering campaigns and exploiting seasonal vulnerabilities. There has been a significant surge in access broker activity, especially towards the end of the year. Cybercriminals are capitalizing on the distracted workforce, reduced staff, and operational changes that are typical during the holiday season. This Cybersecurity Threat Advisory includes Barracuda MSP recommendations for organizations to proactively understand their attack surface, prioritize identity protection, strengthen cloud defenses, know their adversaries, and practice essential cybersecurity hygiene regularly.

What is the threat?

During the holiday season, cyberthreats intensify, with increased online activities and vulnerabilities. Ransomware, constituting nearly 25 percent of malicious attacks in 2023 with average costs exceeding $5 million, strategically exploits the holiday period, taking advantage of limited IT support for impactful network exploitation and ransomware propagation.

Access brokers are a notable threat during this season and actively participate in sophisticated social engineering campaigns, exploiting vulnerabilities, and orchestrating well-crafted attacks. Phishing escalates, creating a surge in promotional emails and mimicking seasonal content, such as order and tracking emails, charity requests, and holiday event messages. Spear-phishing campaigns see a notable uptick as well, boasting an average click-through rate of 11 percent.

Concurrently, Distributed Denial of Service (DDoS) attacks proliferate, with approximately 7.9 million incidents recorded globally in the first half of 2023, marking a 31 percent increase from the previous year. These attacks strategically target eCommerce businesses and financial institutions during holiday peaks, aiming to disrupt operations in industries experiencing a surge in internet traffic.

Why is it noteworthy?

The holiday season introduces a significant shift in business operations, with many companies operating with a skeleton crew, making them susceptible to cyber threats. Notably, access brokers, who facilitate cybercrime by gaining and selling access to organizations, exhibit heightened activity during this period. CrowdStrike reports a 147 percent increase in access broker advertisements from July 2022 to June 2023, emphasizing their pivotal role in the eCrime ecosystem. Access brokers establish relationships with ransomware operators, capitalizing on the holiday season’s chaos to breach organizations, sell access to adversaries, and support ransomware campaigns. These threat actors strategically target organizations in retail, hospitality, and travel sectors, taking advantage of a weakened security posture during busy seasons. Access brokers’ adaptability, organizational structure, and exploitation tactics make them a formidable opponent, requiring organizations to better comprehend their strategies and bolster cybersecurity defenses to navigate the increased risks posed during the holiday season.

What is the exposure or risk?

A heightened risk emerges for both organizations and individual users engaging in online activities. Cyber threat actors, employing advanced social engineering and phishing tactics, particularly target users in the consumer goods sector during the holiday season. The tactics include SMS phishing, deceptive websites, and exploiting multifactor authentication fatigue, putting personal credentials and financial information at risk. This not only poses a threat to organizational security but also endangers regular users, emphasizing the importance of vigilance, strong security practices, and increased caution during online transactions to mitigate these potential risks and safeguard personal information and financial assets.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of a holiday cyberattack:

  • Implement Multi-Factor Authentication and Strong Passwords:
    • Ensure robust protection by implementing multi-factor authentication for remote access and administrative accounts.
    • Mandate strong, unique passwords to prevent unauthorized access, emphasizing the importance of not reusing passwords across multiple accounts.
  • Enhance Security Awareness and Monitoring:
    • Conduct regular employee training to raise awareness about phishing threats and the importance of not clicking on suspicious links.
    • Monitor potentially risky services like remote desktop protocol (RDP) to ensure secure usage and timely detection of any anomalies.
  • Proactive Measures and Incident Response:
    • Prioritize identity protection by enforcing MFA and assessing unusual network behavior promptly.
    • Update incident response and communication plans


For more in-depth information about the recommendations, please visit the following links:

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.

Share This:
Anika Jishan

Posted by Anika Jishan

Anika is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Anika supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.


  1. Very good info here


  2. Critically important to remind clients about the increase in risks around the holidays. And with frequently extended time off at this time of year, the threat actors will capitalize on this. Also, don’t forget to keep the SAT campaign running during the Holidays – training should be persistent!


  3. i cannot agree more, as we get closer to the holiday break there are fewer people and people are in a rush to get stuff done. Clearly not everyone is checking on content as closely or not 100% familiar with all the interactions of those that are away. so increase the risk of falling as a victim.


  4. Very informative article and very timely. Thank you for sharing!


  5. Valuable article, thank you for sharing.


  6. I’m now hearing radio ads for things like this. It’s nice to know that public announcers are helping spread the word about items such as mentioned in this article. The more warnings, the better. Great article.


  7. This article is definitely a good reminder to be more aware and not let your guards down.


  8. Very informative article. Great tips.


  9. This article is definitely a good reminder to be more aware and not let your guard down.


  10. Etienne Vander Elst December 18, 2023 at 2:46 am

    Sad times when the period you should be enjoying your time is also the time you should be worried and prepared for the worse in IT.

    Yet it is true and a good reminder there by SmarterMSP


  11. Thanks for the interesting article.


  12. stay safe this holiday season


  13. Good info and timely reminder. Thank you,


Leave a reply

Your email address will not be published. Required fields are marked *